Privacy Policy

Effective Date: 01 January 2026
Last Updated: 01 January 2026


This Privacy & Data Policy explains how Marina Penthouse d.o.o. ("we", "us", or "the Host") collects, uses, shares, and protects personal data when you browse our website and book a stay at our holiday apartment (the "Property"). We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).


1. Data & contact controller: Smoobu GmbH, Pappelallee 78/79, 10437 Berlin, Germany

Contact for privacy matters: service@smoobu.com


2. Scope:  This Policy applies to visitors to our website and guests who make an inquiry or booking, including individuals acting on behalf of a traveling party.

 

3. Categories of personal data we collect: We collect and process the following categories of personal data, depending on your interactions with us:

  • Identity data: full name, nationality, date of birth (if required by local laws)
  • Contact data: email address, phone number, billing address
  • Booking data: stay dates, number of guests, preferences (e.g., baby crib)
  • Payment data: payment method details (processed by our payment provider; we do not store full card numbers)
  • Communication data: messages, emails, feedback, and support requests
  • Technical data: IP address, device/browser information, cookies and similar technologies (see Cookies & Tracking)
  • Marketing preferences: newsletter opt-in/opt-out status

 

4. Purposes & legal bases (GDPR Art. 6):  We process personal data for the following purposes under the corresponding legal bases:

  • To manage inquiries and bookings; to provide customer service and pre-arrival information - **Contract** (Art. 6(1)(b)).
  • To process payments, security deposits, and refunds - **Contract** and **Legal obligation** (e.g., tax laws).
  • To meet local registration/tourist tax requirements - **Legal obligation** (Art. 6(1)(c)).
  • To communicate important updates about your stay (e.g., check-in instructions) - **Contract / Legitimate interests**.
  • To send marketing emails and offers (only with consent) - **Consent** (Art. 6(1)(a)); you can withdraw at any time.
  • To secure the website and prevent fraud - **Legitimate interests** (Art. 6(1)(f)).
  • To analyze site usage and improve services - **Consent** for analytics cookies where required; otherwise **Legitimate interests**.

 

5. Cookies & tracking technologies:  We use cookies and similar technologies to operate the website, remember your preferences, and, with your consent, measure performance and marketing effectiveness.

  • Strictly necessary cookies: enable core functions such as page navigation and booking steps (cannot be disabled).
  • Performance/analytics cookies: help us understand how visitors use the site.
  • Marketing cookies: used to deliver relevant offers; set only with your consent.
  • You can manage your preferences via our cookie banner or your browser settings. For more details, see our separate Cookie Policy (if available).

 

6. Payment processing:  Payments may be processed via third-party providers (e.g., card processors or booking platforms). These providers act as independent controllers or processors under their own terms and privacy notices.

  • We do not store full card details on our servers.
  • We receive confirmation of payment status and limited payment metadata from the provider to reconcile bookings.

 

7. Data sharing & recipients: We share personal data only when necessary and in line with this Policy:

  • Service providers (processors): booking engine, payment processor, email/SMS tools, IT hosting/support.
  • Professional advisors: accountants, legal counsel (where necessary).
  • Authorities: tax, tourism, law enforcement when required by law.
  • Successors: in case of business transfer/merger, subject to applicable safeguards.

 

8. International data transfers:  Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs).

 

9. Data retention:  We retain personal data only for as long as necessary for the purposes set out in this Policy and to comply with legal, accounting, or reporting obligations.

  • Bookings and invoices: retained for up to 11 years to meet tax/accounting rules.
  • Guest communications: retained for up to 12 months.
  • Marketing data: retained until you withdraw consent or object, after which it is promptly deleted or anonymized.

 

10. Security measures:  We apply appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

  • Access controls and least‑privilege permissions.
  • Encryption in transit (HTTPS) and secure configurations.
  • Vendor due diligence and data processing agreements.
  • Incident response procedures and regular reviews.

 

11. Your rights (GDPR):  Under GDPR, you may have the following rights, subject to conditions and exceptions:

  • Access: request a copy of your personal data.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion where we have no overriding legal basis to retain.
  • Restriction: limit processing in certain circumstances.
  • Portability: receive data in a structured, commonly used format.
  • Object: to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, without affecting prior lawful processing.
  • To exercise your rights, contact us at booking@marinapenthouse.com. We will respond within one month (extendable by two months for complex requests).


12. Complaints: If you believe your data protection rights have been violated, you can contact us or lodge a complaint with your local supervisory authority.

 

13. Children’s data: Our services are not directed to children under 21. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us so we can delete it.

 

14. Third-party links: Our website may contain links to third-party sites or platforms (e.g., maps, payment, booking engines). We are not responsible for their privacy practices. Review their policies before providing personal data.
 

15. Changes to this policy: We may update this Policy to reflect legal, technical, or business developments. The "Last Updated" date indicates the latest version. Material changes will be communicated via the website or email when appropriate.
 

16. Contact:  For questions about this Policy or our data practices, please contact: booking@marinapenthouse.com